Merge branch 'attack_execution_api' into attack_file_copy

# Conflicts:
#	monkey/monkey_island/cc/services/attack/attack_report.py
#	monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
#	monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js
This commit is contained in:
VakarisZ 2019-07-09 09:37:40 +03:00
commit 3d0c564994
43 changed files with 479 additions and 62 deletions

View File

@ -14,6 +14,8 @@ from infection_monkey.config import WormConfiguration
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
from infection_monkey.model import MONKEY_CMDLINE_WINDOWS, MONKEY_CMDLINE_LINUX, GENERAL_CMDLINE_LINUX
from infection_monkey.system_info import SystemInfoCollector, OperatingSystem
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
from common.utils.attack_utils import ScanStatus
if "win32" == sys.platform:
from win32process import DETACHED_PROCESS
@ -156,5 +158,7 @@ class MonkeyDrops(object):
else:
LOG.debug("Dropper source file '%s' is marked for deletion on next boot",
self._config['source_path'])
T1106Telem(ScanStatus.USED, "WinAPI was used to mark monkey files"
" for deletion on next boot.").send()
except AttributeError:
LOG.error("Invalid configuration options. Failing")

View File

@ -10,6 +10,8 @@ from infection_monkey.model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDL
from infection_monkey.network import SMBFinger
from infection_monkey.network.tools import check_tcp_port
from common.utils.exploit_enum import ExploitType
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
from common.utils.attack_utils import ScanStatus
LOG = getLogger(__name__)
@ -129,10 +131,12 @@ class SmbExploiter(HostExploiter):
resp = scmr.hRCreateServiceW(scmr_rpc, sc_handle, self._config.smb_service_name, self._config.smb_service_name,
lpBinaryPathName=cmdline)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(scmr_rpc, service)
T1035Telem(ScanStatus.USED, "SMB exploiter ran the monkey by creating a service via MS-SCMR.").send()
except:
T1035Telem(ScanStatus.SCANNED,
"SMB exploiter failed to run the monkey by creating a service via MS-SCMR.").send()
pass
scmr.hRDeleteService(scmr_rpc, service)
scmr.hRCloseServiceHandle(scmr_rpc, service)

View File

@ -38,7 +38,7 @@ class WebLogicExploiter(HostExploiter):
_TARGET_OS_TYPE = ['linux', 'windows']
_EXPLOITED_SERVICE = 'Weblogic'
def exploit_host(self):
def _exploit_host(self):
exploiters = [WebLogic20192725, WebLogic201710271]
for exploiter in exploiters:
if exploiter(self.host).exploit_host():

View File

@ -16,6 +16,7 @@ from infection_monkey.network.network_scanner import NetworkScanner
from infection_monkey.system_info import SystemInfoCollector
from infection_monkey.system_singleton import SystemSingleton
from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
from infection_monkey.telemetry.attack.t1107_telem import T1107Telem
from infection_monkey.telemetry.scan_telem import ScanTelem
from infection_monkey.telemetry.state_telem import StateTelem
from infection_monkey.telemetry.system_info_telem import SystemInfoTelem
@ -178,8 +179,11 @@ class InfectionMonkey(object):
if monkey_tunnel:
monkey_tunnel.set_tunnel_for_host(machine)
if self._default_server:
if self._network.on_island(self._default_server):
machine.set_default_server(get_interface_to_target(machine.ip_addr) +
(':'+self._default_server_port if self._default_server_port else ''))
else:
machine.set_default_server(self._default_server)
LOG.debug("Default server: %s set to machine: %r" % (self._default_server, machine))
# Order exploits according to their type
@ -233,7 +237,6 @@ class InfectionMonkey(object):
self.send_log()
self._singleton.unlock()
utils.remove_monkey_dir()
InfectionMonkey.self_delete()
LOG.info("Monkey is shutting down")
@ -246,6 +249,9 @@ class InfectionMonkey(object):
@staticmethod
def self_delete():
status = ScanStatus.USED if utils.remove_monkey_dir() else ScanStatus.SCANNED
T1107Telem(status, utils.get_monkey_dir_path()).send()
if WormConfiguration.self_delete_in_cleanup \
and -1 == sys.executable.find('python'):
try:
@ -259,8 +265,10 @@ class InfectionMonkey(object):
close_fds=True, startupinfo=startupinfo)
else:
os.remove(sys.executable)
T1107Telem(ScanStatus.USED, sys.executable).send()
except Exception as exc:
LOG.error("Exception in self delete: %s", exc)
T1107Telem(ScanStatus.SCANNED, sys.executable).send()
def send_log(self):
monkey_log_path = utils.get_monkey_log_path()

View File

@ -118,3 +118,6 @@ class NetworkScanner(object):
if NetworkRange.get_range_obj(subnet_str).is_in_range(ip_address):
return True
return False
def on_island(self, server):
return bool([x for x in self._ip_addresses if x in server])

View File

@ -5,7 +5,9 @@ import socket
import zipfile
import infection_monkey.config
from common.utils.attack_utils import ScanStatus
from infection_monkey.telemetry.attack.t1129_telem import T1129Telem
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
from infection_monkey.pyinstaller_utils import get_binary_file_path, get_binaries_dir_path
__author__ = 'itay.mizeretz'
@ -45,12 +47,16 @@ class MimikatzCollector(object):
collect_proto = ctypes.WINFUNCTYPE(ctypes.c_int)
get_proto = ctypes.WINFUNCTYPE(MimikatzCollector.LogonData)
get_text_output_proto = ctypes.WINFUNCTYPE(ctypes.c_wchar_p)
T1106Telem(ScanStatus.USED, "WinAPI was called to load mimikatz.").send()
self._collect = collect_proto(("collect", self._dll))
self._get = get_proto(("get", self._dll))
self._get_text_output_proto = get_text_output_proto(("getTextOutput", self._dll))
self._isInit = True
T1129Telem(ScanStatus.USED, "Windows module loader was used to load Mimikatz DLL.").send()
except Exception:
LOG.exception("Error initializing mimikatz collector")
T1129Telem(ScanStatus.SCANNED, "Monkey tried to load Mimikatz DLL, but failed.").send()
T1106Telem(ScanStatus.SCANNED, "Monkey tried to call WinAPI to load mimikatz.").send()
def get_logon_info(self):
"""

View File

@ -4,6 +4,8 @@ import sys
from abc import ABCMeta, abstractmethod
from infection_monkey.config import WormConfiguration
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
from common.utils.attack_utils import ScanStatus
__author__ = 'itamar'
@ -46,6 +48,8 @@ class WindowsSystemSingleton(_SystemSingleton):
if not handle:
LOG.error("Cannot acquire system singleton %r, unknown error %d",
self._mutex_name, last_error)
T1106Telem(ScanStatus.SCANNED, "WinAPI call to acquire system singleton "
"for monkey process wasn't successful.").send()
return False
@ -56,7 +60,7 @@ class WindowsSystemSingleton(_SystemSingleton):
return False
self._mutex_handle = handle
T1106Telem(ScanStatus.USED, "WinAPI was called to acquire system singleton for monkey's process.").send()
LOG.debug("Global singleton mutex %r acquired",
self._mutex_name)

View File

@ -0,0 +1,11 @@
from infection_monkey.telemetry.attack.usage_telem import UsageTelem
class T1035Telem(UsageTelem):
def __init__(self, status, usage):
"""
T1035 telemetry.
:param status: ScanStatus of technique
:param usage: Usage string
"""
super(T1035Telem, self).__init__('T1035', status, usage)

View File

@ -0,0 +1,11 @@
from infection_monkey.telemetry.attack.usage_telem import UsageTelem
class T1106Telem(UsageTelem):
def __init__(self, status, usage):
"""
T1129 telemetry.
:param status: ScanStatus of technique
:param usage: Usage string
"""
super(T1106Telem, self).__init__("T1106", status, usage)

View File

@ -0,0 +1,19 @@
from infection_monkey.telemetry.attack.attack_telem import AttackTelem
class T1107Telem(AttackTelem):
def __init__(self, status, path):
"""
T1107 telemetry.
:param status: ScanStatus of technique
:param path: Path of deleted dir/file
"""
super(T1107Telem, self).__init__('T1107', status)
self.path = path
def get_data(self):
data = super(T1107Telem, self).get_data()
data.update({
'path': self.path
})
return data

View File

@ -0,0 +1,11 @@
from infection_monkey.telemetry.attack.usage_telem import UsageTelem
class T1129Telem(UsageTelem):
def __init__(self, status, usage):
"""
T1129 telemetry.
:param status: ScanStatus of technique
:param usage: Usage string
"""
super(T1129Telem, self).__init__("T1129", status, usage)

View File

@ -0,0 +1,20 @@
from infection_monkey.telemetry.attack.attack_telem import AttackTelem
class UsageTelem(AttackTelem):
def __init__(self, technique, status, usage):
"""
T1035 telemetry.
:param status: ScanStatus of technique
:param usage: Usage string
"""
super(UsageTelem, self).__init__(technique, status)
self.usage = usage
def get_data(self):
data = super(UsageTelem, self).get_data()
data.update({
'usage': self.usage
})
return data

View File

@ -49,8 +49,13 @@ def create_monkey_dir():
def remove_monkey_dir():
"""
Removes monkey's root directory
:return True if removed without errors and False otherwise
"""
shutil.rmtree(get_monkey_dir_path(), ignore_errors=True)
try:
shutil.rmtree(get_monkey_dir_path())
return True
except Exception:
return False
def get_monkey_dir_path():

View File

@ -1,7 +1,7 @@
import logging
from monkey_island.cc.models import Monkey
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065
from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107
from monkey_island.cc.services.attack.attack_config import AttackConfig
from monkey_island.cc.database import mongo
@ -20,7 +20,11 @@ TECHNIQUES = {'T1210': T1210.T1210,
'T1082': T1082.T1082,
'T1145': T1145.T1145,
'T1065': T1065.T1065,
'T1105': T1105.T1105}
'T1105': T1105.T1105,
'T1035': T1035.T1035,
'T1129': T1129.T1129,
'T1106': T1106.T1106,
'T1107': T1107.T1107}
REPORT_NAME = 'new_report'

View File

@ -99,6 +99,15 @@ SCHEMA = {
"necessary": True,
"description": "Adversaries may abuse BITS to download, execute, "
"and even clean up after running malicious code."
},
"T1107": {
"title": "T1107 File Deletion",
"type": "bool",
"value": True,
"necessary": True,
"description": "Adversaries may remove files over the course of an intrusion "
"to keep their footprint low or remove them at the end as part "
"of the post-intrusion cleanup process."
}
}
},
@ -106,6 +115,33 @@ SCHEMA = {
"title": "Execution",
"type": "object",
"properties": {
"T1035": {
"title": "T1035 Service execution",
"type": "bool",
"value": True,
"necessary": False,
"description": "Adversaries may execute a binary, command, or script via a method "
"that interacts with Windows services, such as the Service Control Manager.",
"depends_on": ["T1210"]
},
"T1129": {
"title": "T1129 Execution through module load",
"type": "bool",
"value": True,
"necessary": False,
"description": "The Windows module loader can be instructed to load DLLs from arbitrary "
"local paths and arbitrary Universal Naming Convention (UNC) network paths.",
"depends_on": ["T1078", "T1003"]
},
"T1106": {
"title": "T1106 Execution through API",
"type": "bool",
"value": True,
"necessary": False,
"description": "Adversary tools may directly use the Windows application "
"programming interface (API) to execute binaries.",
"depends_on": ["T1210"]
},
"T1059": {
"title": "T1059 Command line interface",
"type": "bool",

View File

@ -20,8 +20,8 @@ class T1003(AttackTechnique):
def get_report_data():
data = {'title': T1003.technique_title()}
if mongo.db.telemetry.count_documents(T1003.query):
status = ScanStatus.USED
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data.update(T1003.get_message_and_status(status))
return data

View File

@ -0,0 +1,17 @@
from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
__author__ = "VakarisZ"
class T1035(AttackTechnique):
tech_id = "T1035"
unscanned_msg = "Monkey didn't try to interact with Windows services."
scanned_msg = "Monkey tried to interact with Windows services, but failed."
used_msg = "Monkey successfully interacted with Windows services."
@staticmethod
def get_report_data():
data = T1035.get_tech_base_data()
data.update({'services': list(mongo.db.telemetry.aggregate(T1035.get_usage_query()))})
return data

View File

@ -27,8 +27,8 @@ class T1059(AttackTechnique):
cmd_data = list(mongo.db.telemetry.aggregate(T1059.query))
data = {'title': T1059.technique_title(), 'cmds': cmd_data}
if cmd_data:
status = ScanStatus.USED
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data.update(T1059.get_message_and_status(status))
return data

View File

@ -17,4 +17,4 @@ class T1065(AttackTechnique):
def get_report_data():
port = ConfigService.get_config_value(['cnc', 'servers', 'current_server']).split(':')[1]
T1065.used_msg = T1065.message % port
return T1065.get_base_data_by_status(ScanStatus.USED)
return T1065.get_base_data_by_status(ScanStatus.USED.value)

View File

@ -35,10 +35,10 @@ class T1075(AttackTechnique):
successful_logins = list(mongo.db.telemetry.aggregate(T1075.query))
data.update({'successful_logins': successful_logins})
if successful_logins:
status = ScanStatus.USED
status = ScanStatus.USED.value
elif mongo.db.telemetry.count_documents(T1075.login_attempt_query):
status = ScanStatus.SCANNED
status = ScanStatus.SCANNED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data.update(T1075.get_message_and_status(status))
return data

View File

@ -40,8 +40,8 @@ class T1082(AttackTechnique):
system_info = list(mongo.db.telemetry.aggregate(T1082.query))
data.update({'system_info': system_info})
if system_info:
status = ScanStatus.USED
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data.update(T1082.get_message_and_status(status))
return data

View File

@ -29,8 +29,8 @@ class T1086(AttackTechnique):
cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
data = {'title': T1086.technique_title(), 'cmds': cmd_data}
if cmd_data:
status = ScanStatus.USED
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data.update(T1086.get_message_and_status(status))
return data

View File

@ -0,0 +1,17 @@
from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
__author__ = "VakarisZ"
class T1106(AttackTechnique):
tech_id = "T1106"
unscanned_msg = "Monkey didn't try to directly use WinAPI."
scanned_msg = "Monkey tried to use WinAPI, but failed."
used_msg = "Monkey successfully used WinAPI."
@staticmethod
def get_report_data():
data = T1106.get_tech_base_data()
data.update({'api_uses': list(mongo.db.telemetry.aggregate(T1106.get_usage_query()))})
return data

View File

@ -0,0 +1,32 @@
from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
__author__ = "VakarisZ"
class T1107(AttackTechnique):
tech_id = "T1107"
unscanned_msg = ""
scanned_msg = "Monkey tried to delete files on systems in the network, but failed."
used_msg = "Monkey successfully deleted files on systems in the network."
query = [{'$match': {'telem_category': 'attack',
'data.technique': 'T1107'}},
{'$lookup': {'from': 'monkey',
'localField': 'monkey_guid',
'foreignField': 'guid',
'as': 'monkey'}},
{'$project': {'monkey': {'$arrayElemAt': ['$monkey', 0]},
'status': '$data.status',
'path': '$data.path'}},
{'$addFields': {'_id': 0,
'machine': {'hostname': '$monkey.hostname', 'ips': '$monkey.ip_addresses'},
'monkey': 0}},
{'$group': {'_id': {'machine': '$machine', 'status': '$status', 'path': '$path'}}}]
@staticmethod
def get_report_data():
data = T1107.get_tech_base_data()
deleted_files = list(mongo.db.telemetry.aggregate(T1107.query))
data.update({'deleted_files': deleted_files})
return data

View File

@ -35,11 +35,11 @@ class T1110(AttackTechnique):
result['successful_creds'].append(T1110.parse_creds(attempt))
if succeeded:
status = ScanStatus.USED
status = ScanStatus.USED.value
elif attempts:
status = ScanStatus.SCANNED
status = ScanStatus.SCANNED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data = T1110.get_base_data_by_status(status)
# Remove data with no successful brute force attempts
attempts = [attempt for attempt in attempts if attempt['attempts']]

View File

@ -0,0 +1,17 @@
from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
__author__ = "VakarisZ"
class T1129(AttackTechnique):
tech_id = "T1129"
unscanned_msg = "Monkey didn't try to load any DLL's."
scanned_msg = "Monkey tried to load DLL's, but failed."
used_msg = "Monkey successfully loaded DLL's using Windows module loader."
@staticmethod
def get_report_data():
data = T1129.get_tech_base_data()
data.update({'dlls': list(mongo.db.telemetry.aggregate(T1129.get_usage_query()))})
return data

View File

@ -23,9 +23,9 @@ class T1145(AttackTechnique):
ssh_info = list(mongo.db.telemetry.aggregate(T1145.query))
if ssh_info:
status = ScanStatus.USED
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data = T1145.get_base_data_by_status(status)
data.update({'ssh_info': ssh_info})
return data

View File

@ -18,11 +18,11 @@ class T1210(AttackTechnique):
scanned_services = T1210.get_scanned_services()
exploited_services = T1210.get_exploited_services()
if exploited_services:
status = ScanStatus.USED
status = ScanStatus.USED.value
elif scanned_services:
status = ScanStatus.SCANNED
status = ScanStatus.SCANNED.value
else:
status = ScanStatus.UNSCANNED
status = ScanStatus.UNSCANNED.value
data.update(T1210.get_message_and_status(status))
data.update({'scanned_services': scanned_services, 'exploited_services': exploited_services})
return data

View File

@ -50,38 +50,38 @@ class AttackTechnique(object):
def technique_status(cls):
"""
Gets the status of a certain attack technique.
:return: ScanStatus Enum object
:return: ScanStatus numeric value
"""
if mongo.db.telemetry.find_one({'telem_category': 'attack',
'data.status': ScanStatus.USED.value,
'data.technique': cls.tech_id}):
return ScanStatus.USED
return ScanStatus.USED.value
elif mongo.db.telemetry.find_one({'telem_category': 'attack',
'data.status': ScanStatus.SCANNED.value,
'data.technique': cls.tech_id}):
return ScanStatus.SCANNED
return ScanStatus.SCANNED.value
else:
return ScanStatus.UNSCANNED
return ScanStatus.UNSCANNED.value
@classmethod
def get_message_and_status(cls, status):
"""
Returns a dict with attack technique's message and status.
:param status: Enum type value from common/attack_utils.py
:param status: Enum from common/attack_utils.py integer value
:return: Dict with message and status
"""
return {'message': cls.get_message_by_status(status), 'status': status.name}
return {'message': cls.get_message_by_status(status), 'status': status}
@classmethod
def get_message_by_status(cls, status):
"""
Picks a message to return based on status.
:param status: Enum type value from common/attack_utils.py
:param status: Enum from common/attack_utils.py integer value
:return: message string
"""
if status == ScanStatus.UNSCANNED:
if status == ScanStatus.UNSCANNED.value:
return cls.unscanned_msg
elif status == ScanStatus.SCANNED:
elif status == ScanStatus.SCANNED.value:
return cls.scanned_msg
else:
return cls.used_msg
@ -97,12 +97,12 @@ class AttackTechnique(object):
def get_tech_base_data(cls):
"""
Gathers basic attack technique data into a dict.
:return: dict E.g. {'message': 'Brute force used', 'status': 'Used', 'title': 'T1110 Brute force'}
:return: dict E.g. {'message': 'Brute force used', 'status': 2, 'title': 'T1110 Brute force'}
"""
data = {}
status = cls.technique_status()
title = cls.technique_title()
data.update({'status': status.name,
data.update({'status': status,
'title': title,
'message': cls.get_message_by_status(status)})
return data
@ -112,3 +112,23 @@ class AttackTechnique(object):
data = cls.get_message_and_status(status)
data.update({'title': cls.technique_title()})
return data
@classmethod
def get_usage_query(cls):
"""
:return: Query that parses attack telems for simple report component
(gets machines and attack technique usage).
"""
return [{'$match': {'telem_category': 'attack',
'data.technique': cls.tech_id}},
{'$lookup': {'from': 'monkey',
'localField': 'monkey_guid',
'foreignField': 'guid',
'as': 'monkey'}},
{'$project': {'monkey': {'$arrayElemAt': ['$monkey', 0]},
'status': '$data.status',
'usage': '$data.usage'}},
{'$addFields': {'_id': 0,
'machine': {'hostname': '$monkey.hostname', 'ips': '$monkey.ip_addresses'},
'monkey': 0}},
{'$group': {'_id': {'machine': '$machine', 'status': '$status', 'usage': '$usage'}}}]

View File

@ -14,7 +14,7 @@ SCHEMA = {
"SmbExploiter"
],
"title": "SMB Exploiter",
"attack_techniques": ["T1110", "T1075"]
"attack_techniques": ["T1110", "T1075", "T1035"]
},
{
"type": "string",
@ -22,7 +22,7 @@ SCHEMA = {
"WmiExploiter"
],
"title": "WMI Exploiter",
"attack_techniques": ["T1110"]
"attack_techniques": ["T1110", "T1106"]
},
{
"type": "string",
@ -54,7 +54,7 @@ SCHEMA = {
"SSHExploiter"
],
"title": "SSH Exploiter",
"attack_techniques": ["T1110", "T1145"]
"attack_techniques": ["T1110", "T1145", "T1106"]
},
{
"type": "string",

View File

@ -19,3 +19,25 @@ export function renderMachineFromSystemData(data) {
});
return machineStr + ")"
}
/* Formats telemetry data that contains _id.machine and _id.usage fields into columns
for react table. */
export function getUsageColumns() {
return ([{
columns: [
{Header: 'Machine',
id: 'machine',
accessor: x => renderMachineFromSystemData(x._id.machine),
style: { 'whiteSpace': 'unset' },
width: 300},
{Header: 'Usage',
id: 'usage',
accessor: x => x._id.usage,
style: { 'whiteSpace': 'unset' }}]
}])}
export const scanStatus = {
UNSCANNED: 0,
SCANNED: 1,
USED: 2
};

View File

@ -2,6 +2,7 @@ import React from 'react';
import '../../../styles/Collapse.scss'
import '../../report-components/StolenPasswords'
import StolenPasswordsComponent from "../../report-components/StolenPasswords";
import {scanStatus} from "./Helpers"
class T1003 extends React.Component {
@ -15,7 +16,7 @@ class T1003 extends React.Component {
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === 'USED' ?
{this.props.data.status === scanStatus.USED ?
<StolenPasswordsComponent data={this.props.reportData.glance.stolen_creds.concat(this.props.reportData.glance.ssh_keys)}/>
: ""}
</div>

View File

@ -0,0 +1,30 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { getUsageColumns } from "./Helpers"
class T1035 extends React.Component {
constructor(props) {
super(props);
}
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.services.length !== 0 ?
<ReactTable
columns={getUsageColumns()}
data={this.props.data.services}
showPagination={false}
defaultPageSize={this.props.data.services.length}
/> : ""}
</div>
);
}
}
export default T1035;

View File

@ -1,7 +1,7 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { renderMachine } from "./Helpers"
import { renderMachine, scanStatus } from "./Helpers"
class T1059 extends React.Component {
@ -25,7 +25,7 @@ class T1059 extends React.Component {
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === 'USED' ?
{this.props.data.status === scanStatus.USED ?
<ReactTable
columns={T1059.getCommandColumns()}
data={this.props.data.cmds}

View File

@ -1,7 +1,7 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { renderMachine } from "./Helpers"
import { renderMachine, scanStatus } from "./Helpers"
class T1075 extends React.Component {
@ -34,7 +34,7 @@ class T1075 extends React.Component {
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === 'USED' ?
{this.props.data.status !== scanStatus.UNSCANNED ?
<ReactTable
columns={T1075.getHashColumns()}
data={this.props.data.successful_logins}

View File

@ -1,7 +1,7 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { renderMachineFromSystemData } from "./Helpers"
import { renderMachineFromSystemData, scanStatus } from "./Helpers"
class T1082 extends React.Component {
@ -33,7 +33,7 @@ class T1082 extends React.Component {
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === 'USED' ?
{this.props.data.status === scanStatus.USED ?
<ReactTable
columns={T1082.getSystemInfoColumns()}
data={this.props.data.system_info}

View File

@ -1,7 +1,7 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { renderMachine } from "./Helpers"
import { renderMachine, scanStatus } from "./Helpers"
class T1086 extends React.Component {
@ -25,7 +25,7 @@ class T1086 extends React.Component {
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === 'USED' ?
{this.props.data.status === scanStatus.USED ?
<ReactTable
columns={T1086.getPowershellColumns()}
data={this.props.data.cmds}

View File

@ -0,0 +1,30 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { getUsageColumns } from "./Helpers"
class T1106 extends React.Component {
constructor(props) {
super(props);
}
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.api_uses.length !== 0 ?
<ReactTable
columns={getUsageColumns()}
data={this.props.data.api_uses}
showPagination={false}
defaultPageSize={this.props.data.api_uses.length}
/> : ""}
</div>
);
}
}
export default T1106;

View File

@ -0,0 +1,47 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { renderMachineFromSystemData, scanStatus } from "./Helpers"
class T1107 extends React.Component {
constructor(props) {
super(props);
}
static renderDelete(status){
if(status === scanStatus.USED){
return <span>Yes</span>
} else {
return <span>No</span>
}
}
static getDeletedFileColumns() {
return ([{
columns: [
{Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x._id.machine), style: { 'whiteSpace': 'unset' }},
{Header: 'Path', id: 'path', accessor: x => x._id.path, style: { 'whiteSpace': 'unset' }},
{Header: 'Deleted?', id: 'deleted', accessor: x => this.renderDelete(x._id.status),
style: { 'whiteSpace': 'unset' }, width: 160}]
}])};
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.deleted_files.length !== 0 ?
<ReactTable
columns={T1107.getDeletedFileColumns()}
data={this.props.data.deleted_files}
showPagination={false}
defaultPageSize={this.props.data.deleted_files.length}
/> : ""}
</div>
);
}
}
export default T1107;

View File

@ -1,7 +1,7 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { renderMachine } from "./Helpers"
import { renderMachine, scanStatus } from "./Helpers"
class T1110 extends React.Component {
@ -32,7 +32,7 @@ class T1110 extends React.Component {
<div>
<div>{this.props.data.message}</div>
<br/>
{(this.props.data.status === 'SCANNED' || this.props.data.status === 'USED') ?
{this.props.data.status !== scanStatus.UNSCANNED ?
<ReactTable
columns={T1110.getServiceColumns()}
data={this.props.data.services}

View File

@ -0,0 +1,29 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import {getUsageColumns} from "./Helpers";
class T1129 extends React.Component {
constructor(props) {
super(props);
}
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.dlls.length !== 0 ?
<ReactTable
columns={getUsageColumns()}
data={this.props.data.dlls}
showPagination={false}
defaultPageSize={this.props.data.dlls.length}
/> : ""}
</div>
);
}
}
export default T1129;

View File

@ -1,7 +1,7 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { renderMachineFromSystemData } from "./Helpers"
import { renderMachineFromSystemData, scanStatus } from "./Helpers"
class T1145 extends React.Component {
@ -38,7 +38,7 @@ class T1145 extends React.Component {
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === 'USED' ?
{this.props.data.status === scanStatus.USED ?
<ReactTable
columns={T1145.getKeysInfoColumns()}
data={this.props.data.ssh_info}

View File

@ -4,6 +4,7 @@ import {ReactiveGraph} from 'components/reactive-graph/ReactiveGraph';
import {edgeGroupToColor, options} from 'components/map/MapOptions';
import '../../styles/Collapse.scss';
import AuthComponent from '../AuthComponent';
import {scanStatus} from "../attack/techniques/Helpers";
import Collapse from '@kunukn/react-collapse';
import T1210 from '../attack/techniques/T1210';
import T1197 from '../attack/techniques/T1197';
@ -15,7 +16,11 @@ import T1086 from "../attack/techniques/T1086";
import T1082 from "../attack/techniques/T1082";
import T1145 from "../attack/techniques/T1145";
import T1105 from "../attack/techniques/T1105";
import T1107 from "../attack/techniques/T1107";
import T1065 from "../attack/techniques/T1065";
import T1035 from "../attack/techniques/T1035";
import T1129 from "../attack/techniques/T1129";
import T1106 from "../attack/techniques/T1106";
const tech_components = {
'T1210': T1210,
@ -28,7 +33,11 @@ const tech_components = {
'T1082': T1082,
'T1145': T1145,
'T1065': T1065,
'T1105': T1105
'T1105': T1105,
'T1035': T1035,
'T1129': T1129,
'T1106': T1106,
'T1107': T1107
};
const classNames = require('classnames');
@ -79,9 +88,9 @@ class AttackReportPageComponent extends AuthComponent {
getComponentClass(tech_id){
switch (this.state.report[tech_id].status) {
case 'SCANNED':
case scanStatus.SCANNED:
return 'collapse-info';
case 'USED':
case scanStatus.USED:
return 'collapse-danger';
default:
return 'collapse-default';